Error + no running copy + squid

error + no running copy + squid

squid: ERROR: No running copy 2010/11/28 09:35:36| ACL name 'job' not defined! FATAL: Bungled squid.conf line 38: http_access deny job. When squid's pid==1, ploblem is appeard. Use "docker run --init" etc. All reactions. First run the ps command to find the squid pid and then create the squid. pid file based on that number. Note also that depending on distro the location of. error + no running copy + squid

Error + no running copy + squid - commit

WARNING: '.alibaba.com' is a subdomain of '.alibaba.com'
2010/11/30 08:42:32 WARNING: You should probably remove '.alibaba.com' from the ACL named 'baddom'
2010/12/02 08:28:48 WARNING: because of this '.alibaba.com' is ignored to keep splay tree searching predictable
2010/12/02 10:52:35 0 Objects expired.
2009/12/18 15:35:30 ACL name 'job' not defined!
FATAL: Bungled squid.conf line 38: http_access deny job
Squid Cache (Version 2.6.STABLE21): Terminated abnormally.
2010/11/28 09:35:42 WARNING: You should probably remove '.alibaba.com' from the ACL named 'baddom'
2010/12/02 13:44:02 grep squid
doesn't locate anything to kill

Are there alternative to squid and iptables?
I just don't have luck with iptable and now squid problems.

Last edited by Joseph_sys on Thu Jan 21, 2010 8:03 pm; edited 1 time in totalBack to top
View user's profileSend private message
Joseph_sys
Advocate
Advocate


Joined: 08 Jun 2004
Posts: 2615
Location: Edmonton, AB
PostPosted: Thu Jan 21, 2010 7:05 am    Post subject: Reply with quote

It appears this problem appears only when I start iptables
so I should be looking for alternative to iptables :-/
Back to top
View user's profileSend private message
nativemad
Developer
Developer


Joined: 30 Aug 2004
Posts: 917
Location: Switzerland
PostPosted: Thu Jan 21, 2010 8:36 am    Post subject: Reply with quote

Hi,

there isn't any iptables alternative in 2.6 Kernels afaik.

Could you tell a bit more about the setup!? -Is squid in transparent mode!?

But even if you block a port with iptables, a service should be able to bind itself to that port. Do you get any useful logs from the squid's startup?
_________________
Power to the people!
Back to top
View user's profileSend private message
Joseph_sys
Advocate
Advocate


Joined: 08 Jun 2004
Posts: 2615
Location: Edmonton, AB
PostPosted: Thu Jan 21, 2010 3:01 pm    Post subject: Reply with quote

nativemad wrote:
Hi, error + no running copy + squid,

there isn't any iptables alternative in 2.6 Kernels afaik.

Could you tell a bit more about the setup!? -Is squid in transparent mode!?

But even if you block a port with iptables, error + no running copy + squid, a service should be able to bind itself to that port. Do you get any useful logs from the squid's startup?


Yes, I have squid in transparent mode and it is working too well, squid is not allowing to access "localhost" except 127.0.0.1:631 (cups). I don't know why?

iptables:
Code:
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128

that is all I have in there anything else is INPUT REDIRECT are ACCEPT

The strange part is, if I disable the iptable and configure firefox to use proxy 127.0.0.1:3128 I can access localhost just fine (nothing is blocked) and only the pages I defined in squid.
All I want to do is to act iptable as redirect to squid and squid to allow access to one or two error + no running copy + squid that is all.
Here is what I get from squid:
Code:
ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: http://127.0.0.1/asterisk-stat-v2/cdr.php

    Access Denied.

Access control configuration prevents your request from being allowed at this time. Squidclamav error c-icap-config not found contact your service provider if you feel this is incorrect.

Your cache administrator is root.

Generated Thu, 21 Jan 2010 15:03:05 GMT by localhost.localdomain (squid/3.0.STABLE19)

So that squid is blocking this page only when the getting the input form iptables; if iptables is disabled and I use squid proxy only, I can access this page just fine.
Back to top
View user's profileSend private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 19202

PostPosted: Thu Jan 21, 2010 3:12 pm    Post subject: Reply with quote

Joseph_sys wrote:
Yes, I have squid in transparent mode and it is working too well, squid is not allowing to access "localhost" except 127.0.0.1:631 (cups). I don't know why?

That works because you have not told iptables to redirect port 631 to Squid. The nat rules you provide only affect port 80, not port 631.
Back to top
View user's profileSend private message